by Tom Schauer
CISSP, CISA, CISM, GCIH, CTGA, CEO of TrustCC
Agenda
Copyright 2010. All Rights Reserved. Check us out at www.trustcc.com!
Chronology of Data Breaches since 2005
Cyber Crime exceeds Drug Trafficking
Lost Laptops and Mobile Media
Wireless Technology Risks
House Sites Hacked
One PW for Everything
Spam, Spam and more Spam
Is Mac more secure than Windows?
Vishing, Phishing, Oh My
Phishing eMail
Botnets
Security Pop-Up Ads
Being Secure
Secure the Right Things
Customers Suing Banks: several cases
Key Points in the Fraud
TrustCC's EFT Fraud Recommendations
1. Offer strong and dynamic authentication
2. Contractually advise customers of the need to comply with security best practices
3. Educate customers about threats and controls
4. Recommend a Security Self Assessment and encourage customers to remediate identified security weaknesses
5. Monitor regularly to detect unusual activity
Our TrustED Briefing and Self Assessment offers unprecedented help to Financial Institutions.
Social Networking Risks and Reward
"For many people, social networking has become as much of a daily routine as brewing coffee and brushing teeth. IT administrators dislike it and cyber crooks depend on it." (Bill Brenner)
Social Networking Advantages
But the individual might
What about an employee's account?
Who is Chip Conley?
Imposter Profiles
Challenge Response Questions
Another DEFCON Contest
Poll
What concerns you most about social networking?
A) Impact to productivity
B) Information leakage
C) Misrepresentation
D) Malware distribution
E) All of the above and more
How to Do Social Media
Administrative Control
Technical Controls
Multi-Function Peripheral or Made for exPloitation
I need another meaning for the acronym MFP; I considered "made for penetration" but it sounds x-rated. What do MFPs do for hackers?
- MFP hard drives store previously printed documents
- MFPs likely have a local administrator account that could have the same password as other systems
- MFPs can be rooted and then made to phone home
Printer Popping
Patch Management or Patch Mayhem
- Microsoft releases Out-of-Band updates as frequently as Lindsay Lohan goes to jail or drug rehab.
- Standard Microsoft patching tools such as Windows Server Update Services (WSUS) regularly provide false reporting.
- Some updates reintroduce previously patched vulnerabilities.
- Microsoft updates are just one brand of the many updates that are needed: Adobe, Cisco, Symantec, Backup Exec, etc.
- Some vendors are resistant or late for dinner when it comes to patch support.
88 is a big number
Every system needs updates
Solutions
Hackers for Hire: Why
Key Controls
Also, note that the format of the table specifically meets GLBA ISRA Guidelines.
Who should you hire?
FFIEC says: History, Reputation, References, Experienced with Controls and Financial Institutions, Capability, Certifications, Insured, Internal Controls, Current, Financially Sound, Compliant, etc.
What Should You Test?
What are your key controls?
Physical, Administrative, Technical
Board Governance
The Buck Stops Here!
Sample One Page Security Report
ATM Insecurity: Should I be Concerned?
You should be concerned if:
- You run Triton or Tranex ATMs
- You don't physically inspect your ATMs every day
- You have not performed a TR39 review
- You cannot spell ATM
- Your ATMs are missing security patches
Barnaby Jack
And the ATMs spilled the cash!
ATM Skimming Equipment
ATM PIN Management (TG3, now TR39)
"If a STAR Member were to fail to comply with such requirements and a compromise were to occur that could have been prevented if that STAR Member had been compliant, STAR will hold that STAR Member liable for the resultant fraud losses incurred by each other participant in the STAR Network. Each STAR Member should, therefore, continue to conduct a periodic review of its environment to ensure that it and any third party acting on its behalf is compliant with STAR security requirements."
TR39 looks at physical, administrative and technical security requirements and could prevent skimming and other ATM fraud.
TR39 Review Questions
- Do you have written procedures that you follow that provide for the removal of Keys from an ATM when sending the ATM for service?
- Do you have full dual control and separate knowledge for all Key components in all stages of the key life cycle?
- Do you use double-length Keys in your ATMs?
- Does your vendor maintain a record of every Key management activity?
ATMs frequently have vulnerabilities
Help Your Customers/Members!
Contact Us!
TrustCC Resources
Read Our Blog
Questions and Conversation